@firecms/user_management 3.0.0-canary.13 → 3.0.0-canary.130

package/src/hooks/useBuildUserManagement.tsx

@@ -0,0 +1,314 @@
+import React, { useCallback, useEffect } from "react";
+import equal from "react-fast-compare"
+
+import { UserManagement } from "../types";
+import {
+    Authenticator,
+    DataSourceDelegate,
+    Entity,
+    PermissionsBuilder,
+    removeUndefined,
+    Role,
+    User
+} from "@firecms/core";
+import { resolveUserRolePermissions } from "../utils";
+
+type UserWithRoleIds = Omit<User, "roles"> & { roles: string[] };
+
+export interface UserManagementParams {
+
+    /**
+     * The delegate in charge of persisting the data.
+     */
+    dataSourceDelegate?: DataSourceDelegate;
+
+    /**
+     * Path where the plugin users configuration is stored.
+     * Default: __FIRECMS/config/users
+     * You can specify a different path if you want to store the user management configuration in a different place.
+     * Please keep in mind that the FireCMS users are not necessarily the same as the Firebase users (but they can be).
+     * The path should be relative to the root of the database, and should always have an odd number of segments.
+     */
+    usersPath?: string;
+
+    /**
+     * Path where the plugin roles configuration is stored.
+     * Default: __FIRECMS/config/roles
+     */
+    rolesPath?: string;
+
+    /**
+     * Maximum number of users that can be created.
+     */
+    usersLimit?: number;
+
+    /**
+     * Can the logged user edit roles
+     */
+    canEditRoles?: boolean;
+
+    /**
+     * If there are no roles in the database, provide a button to create the default roles.
+     */
+    allowDefaultRolesCreation?: boolean;
+
+    /**
+     * Include the collection config permissions in the user management system.
+     */
+    includeCollectionConfigPermissions?: boolean;
+
+}
+
+/**
+ * This hook is used to build a user management object that can be used to
+ * manage users and roles in a Firestore backend.
+ * @param dataSourceDelegate
+ * @param usersPath
+ * @param rolesPath
+ * @param usersLimit
+ * @param canEditRoles
+ * @param allowDefaultRolesCreation
+ * @param includeCollectionConfigPermissions
+ */
+export function useBuildUserManagement({
+                                           dataSourceDelegate,
+                                           usersPath = "__FIRECMS/config/users",
+                                           rolesPath = "__FIRECMS/config/roles",
+                                           usersLimit,
+                                           canEditRoles = true,
+                                           allowDefaultRolesCreation,
+                                           includeCollectionConfigPermissions
+                                       }: UserManagementParams): UserManagement {
+
+    const [rolesLoading, setRolesLoading] = React.useState<boolean>(true);
+    const [usersLoading, setUsersLoading] = React.useState<boolean>(true);
+    const [roles, setRoles] = React.useState<Role[]>([]);
+    const [usersWithRoleIds, setUsersWithRoleIds] = React.useState<UserWithRoleIds[]>([]);
+
+    const users = usersWithRoleIds.map(u => ({
+        ...u,
+        roles: roles.filter(r => u.roles?.includes(r.id))
+    }) as User);
+
+    const [rolesError, setRolesError] = React.useState<Error | undefined>();
+    const [usersError, setUsersError] = React.useState<Error | undefined>();
+
+    const loading = rolesLoading || usersLoading;
+
+    useEffect(() => {
+        if (!dataSourceDelegate || !rolesPath) return;
+        if (dataSourceDelegate.initialised !== undefined && !dataSourceDelegate.initialised) return;
+        if (dataSourceDelegate.authenticated !== undefined && !dataSourceDelegate.authenticated) {
+            setRolesLoading(false);
+            return;
+        }
+
+        setRolesLoading(true);
+        return dataSourceDelegate.listenCollection?.({
+            path: rolesPath,
+            onUpdate(entities: Entity<any>[]): void {
+                setRolesError(undefined);
+                try {
+                    const newRoles = entityToRoles(entities);
+                    if (!equal(newRoles, roles))
+                        setRoles(newRoles);
+                } catch (e) {
+                    setRoles([]);
+                    console.error("Error loading roles", e);
+                    setRolesError(e as Error);
+                }
+                setRolesLoading(false);
+            },
+            onError(e: any): void {
+                setRoles([]);
+                console.error("Error loading roles", e);
+                setRolesError(e);
+                setRolesLoading(false);
+            }
+        });
+
+    }, [dataSourceDelegate?.initialised, dataSourceDelegate?.authenticated, rolesPath]);
+
+    useEffect(() => {
+        if (!dataSourceDelegate || !usersPath) return;
+        if (dataSourceDelegate.initialised !== undefined && !dataSourceDelegate.initialised) return;
+        if (dataSourceDelegate.authenticated !== undefined && !dataSourceDelegate.authenticated) {
+            setUsersLoading(false);
+            return;
+        }
+
+        setUsersLoading(true);
+        return dataSourceDelegate.listenCollection?.({
+            path: usersPath,
+            onUpdate(entities: Entity<any>[]): void {
+                setUsersError(undefined);
+                try {
+                    const newUsers = entitiesToUsers(entities);
+                    if (!equal(newUsers, usersWithRoleIds))
+                        setUsersWithRoleIds(newUsers);
+                } catch (e) {
+                    setUsersWithRoleIds([]);
+                    console.error("Error loading users", e);
+                    setUsersError(e as Error);
+                }
+                setUsersLoading(false);
+            },
+            onError(e: any): void {
+                setUsersWithRoleIds([]);
+                console.error("Error loading users", e);
+                setUsersError(e);
+                setUsersLoading(false);
+            }
+        });
+
+    }, [dataSourceDelegate?.initialised, dataSourceDelegate?.authenticated, usersPath]);
+
+    const saveUser = useCallback(async (user: User): Promise<User> => {
+        if (!dataSourceDelegate) throw Error("useBuildUserManagement Firebase not initialised");
+        if (!usersPath) throw Error("useBuildUserManagement Firestore not initialised");
+
+        console.debug("Persisting user", user);
+
+        const roleIds = user.roles?.map(r => r.id);
+        const email = user.email?.toLowerCase().trim();
+        if (!email) throw Error("Email is required");
+
+        const userExists = users.find(u => u.email?.toLowerCase() === email);
+        const data = {
+            ...user,
+            roles: roleIds ?? []
+        };
+        if (!userExists) {
+            // @ts-ignore
+            data.created_on = new Date();
+        }
+
+        return dataSourceDelegate.saveEntity({
+            status: "existing",
+            path: usersPath,
+            entityId: email,
+            values: removeUndefined(data)
+        }).then(() => user);
+    }, [usersPath, dataSourceDelegate?.initialised]);
+
+    const saveRole = useCallback((role: Role): Promise<void> => {
+        if (!dataSourceDelegate) throw Error("useBuildUserManagement Firebase not initialised");
+        if (!rolesPath) throw Error("useBuildUserManagement Firestore not initialised");
+        console.debug("Persisting role", role);
+        const {
+            id,
+            ...roleData
+        } = role;
+        return dataSourceDelegate.saveEntity({
+            status: "existing",
+            path: rolesPath,
+            entityId: id,
+            values: removeUndefined(roleData)
+        }).then(() => {
+            return;
+        });
+    }, [rolesPath, dataSourceDelegate?.initialised]);
+
+    const deleteUser = useCallback(async (user: User): Promise<void> => {
+        if (!dataSourceDelegate) throw Error("useBuildUserManagement Firebase not initialised");
+        if (!usersPath) throw Error("useBuildUserManagement Firestore not initialised");
+        console.debug("Deleting", user);
+        const { uid } = user;
+        const entity: Entity<any> = {
+            path: usersPath,
+            id: uid,
+            values: {}
+        };
+        await dataSourceDelegate.deleteEntity({ entity })
+    }, [usersPath, dataSourceDelegate?.initialised]);
+
+    const deleteRole = useCallback(async (role: Role): Promise<void> => {
+        if (!dataSourceDelegate) throw Error("useBuildUserManagement Firebase not initialised");
+        if (!rolesPath) throw Error("useBuildUserManagement Firestore not initialised");
+        console.debug("Deleting", role);
+        const { id } = role;
+        const entity: Entity<any> = {
+            path: rolesPath,
+            id: id,
+            values: {}
+        };
+        await dataSourceDelegate.deleteEntity({ entity })
+    }, [rolesPath, dataSourceDelegate?.initialised]);
+
+    const collectionPermissions: PermissionsBuilder = useCallback(({
+                                                                       collection,
+                                                                       user
+                                                                   }) => resolveUserRolePermissions({
+        collection,
+        user
+    }), []);
+
+    const defineRolesFor: ((user: User) => Role[] | undefined) = useCallback((user) => {
+        if (!users) throw Error("Users not loaded");
+        const mgmtUser = users.find(u => u.email?.toLowerCase() === user?.email?.toLowerCase());
+        return mgmtUser?.roles;
+    }, [users]);
+
+    const authenticator: Authenticator = useCallback(({ user }) => {
+        console.debug("Authenticating user", user);
+
+        if (loading) {
+            console.warn("User management is still loading");
+            return false;
+        }
+
+        // This is an example of how you can link the access system to the user management plugin
+        if (users.length === 0) {
+            return true; // If there are no users created yet, we allow access to every user
+        }
+
+        const mgmtUser = users.find(u => u.email?.toLowerCase() === user?.email?.toLowerCase());
+        if (mgmtUser) {
+            return true;
+        }
+
+        throw Error("Could not find a user with the provided email in the user management system.");
+    }, [loading, users, usersError, rolesError]);
+
+    const isAdmin = roles.some(r => r.id === "admin");
+
+    return {
+        loading,
+        roles,
+        users,
+        saveUser,
+        saveRole,
+        rolesError,
+        deleteUser,
+        deleteRole,
+        usersLimit,
+        usersError,
+        isAdmin,
+        canEditRoles: canEditRoles === undefined ? true : canEditRoles,
+        allowDefaultRolesCreation: allowDefaultRolesCreation === undefined ? true : allowDefaultRolesCreation,
+        includeCollectionConfigPermissions: Boolean(includeCollectionConfigPermissions),
+        collectionPermissions,
+        defineRolesFor,
+        authenticator
+    }
+}
+
+const entitiesToUsers = (docs: Entity<Omit<UserWithRoleIds, "id">>[]): (UserWithRoleIds)[] => {
+    return docs.map((doc) => {
+        const data = doc.values as any;
+        const newVar = {
+            uid: doc.id,
+            ...data,
+            created_on: data?.created_on,
+            updated_on: data?.updated_on
+        };
+        return newVar as (UserWithRoleIds);
+    });
+}
+
+const entityToRoles = (entities: Entity<Omit<Role, "id">>[]): Role[] => {
+    return entities.map((doc) => ({
+        id: doc.id,
+        ...doc.values
+    } as Role));
+}

package/src/types/user_management.tsx

@@ -1,4 +1,4 @@
-import { PermissionsBuilder, Role, User } from "@firecms/core";
+import { Authenticator, PermissionsBuilder, Role, User } from "@firecms/core";
 
 export type UserManagement<USER extends User = User> = {
 
@@ -22,6 +22,11 @@ export type UserManagement<USER extends User = User> = {
      */
     canEditRoles?: boolean;
 
+    /**
+     * Is the logged user Admin?
+     */
+    isAdmin?: boolean;
+
     /**
      * Include a button to create default roles, in case there are no roles in the system.
      */
@@ -39,9 +44,18 @@ export type UserManagement<USER extends User = User> = {
     collectionPermissions: PermissionsBuilder;
 
     /**
-     * Define the roles for a given user.
+     * Define the roles for a given user. You will typically want to plug this into your auth controller.
      * @param user
      */
-    defineRolesFor: (user: User) => Promise<Role[]> | Role[] | undefined;
+    defineRolesFor: (user: User) => Promise<Role[] | undefined> | Role[] | undefined;
+
+    /**
+     * You can build an authenticator callback from the current configuration of the user management.
+     * It will only allow access to users with the required roles.
+     */
+    authenticator?: Authenticator;
+
+    rolesError?: Error;
+    usersError?: Error;
 
 };

package/src/useUserManagementPlugin.tsx

@@ -1,13 +1,28 @@
-import { FireCMSPlugin } from "@firecms/core";
+import { FireCMSPlugin, useAuthController, useSnackbarController } from "@firecms/core";
 import { UserManagementProvider } from "./UserManagementProvider";
-import { UserManagement } from "./types";
+import { PersistedUser, UserManagement } from "./types";
+import { AddIcon, Button, Paper, Typography } from "@firecms/ui";
+import { DEFAULT_ROLES } from "./components/roles/default_roles";
 
 export function useUserManagementPlugin({ userManagement }: {
     userManagement: UserManagement,
 }): FireCMSPlugin {
+
+    const noUsers = userManagement.users.length === 0;
+    const noRoles = userManagement.roles.length === 0;
+
     return {
         key: "user_management",
         loading: userManagement.loading,
+
+        homePage: {
+            additionalChildrenStart: noUsers || noRoles
+                ? <IntroWidget
+                    noUsers={noUsers}
+                    noRoles={noRoles}
+                    userManagement={userManagement}/>
+                : undefined
+        },
         provider: {
             Component: UserManagementProvider,
             props: {
@@ -16,3 +31,74 @@ export function useUserManagementPlugin({ userManagement }: {
         }
     }
 }
+
+export function IntroWidget({
+                                noUsers,
+                                noRoles,
+                                userManagement
+                            }: {
+    noUsers: boolean;
+    noRoles: boolean;
+    userManagement: UserManagement<PersistedUser>;
+}) {
+
+    const authController = useAuthController();
+    const snackbarController = useSnackbarController();
+
+    const buttonLabel = noUsers && noRoles
+        ? "Create default roles and add current user as admin"
+        : noUsers
+            ? "Add current user as admin"
+            : noRoles ? "Create default roles" : undefined;
+
+    return (
+        <Paper
+            className={"my-4 flex flex-col px-4 py-6 bg-white dark:bg-slate-800 gap-2"}>
+            <Typography variant={"subtitle2"} className={"uppercase"}>Create your users and roles</Typography>
+            <Typography>
+                You have no users or roles defined. You can create default roles and add the current user as admin.
+            </Typography>
+            <Button onClick={() => {
+                if (!authController.user?.uid) {
+                    throw Error("UsersTable, authController misconfiguration");
+                }
+                if (noUsers) {
+                    userManagement.saveUser({
+                        uid: authController.user?.uid,
+                        email: authController.user?.email,
+                        displayName: authController.user?.displayName,
+                        photoURL: authController.user?.photoURL,
+                        providerId: authController.user?.providerId,
+                        isAnonymous: authController.user?.isAnonymous,
+                        roles: [{
+                            id: "admin",
+                            name: "Admin"
+                        }],
+                        created_on: new Date()
+                    })
+                        .then(() => {
+                            snackbarController.open({
+                                type: "success",
+                                message: "User added successfully"
+                            })
+                        })
+                        .catch((error) => {
+                            snackbarController.open({
+                                type: "error",
+                                message: "Error adding user: " + error.message
+                            })
+                        });
+                }
+                if (noRoles) {
+                    DEFAULT_ROLES.forEach((role) => {
+                        userManagement.saveRole(role);
+                    });
+                }
+            }}>
+                <AddIcon/>
+                {buttonLabel}
+            </Button>
+        </Paper>
+    );
+
+}

package/src/utils/permissions.ts

@@ -45,13 +45,14 @@ export function resolveUserRolePermissions<UserType extends User>
 function resolveCollectionRole(role: Role, id: string): Permissions {
 
     const basePermissions = {
-        read: role.isAdmin || role.defaultPermissions?.read,
-        create: role.isAdmin || role.defaultPermissions?.create,
-        edit: role.isAdmin || role.defaultPermissions?.edit,
-        delete: role.isAdmin || role.defaultPermissions?.delete
+        read: (role.isAdmin || role.defaultPermissions?.read) ?? false,
+        create: (role.isAdmin || role.defaultPermissions?.create) ?? false,
+        edit: (role.isAdmin || role.defaultPermissions?.edit) ?? false,
+        delete: (role.isAdmin || role.defaultPermissions?.delete) ?? false
     };
-    if (role.collectionPermissions && role.collectionPermissions[id]) {
-        return mergePermissions(role.collectionPermissions[id], basePermissions);
+    const thisCollectionPermissions = role.collectionPermissions?.[id];
+    if (thisCollectionPermissions) {
+        return mergePermissions(thisCollectionPermissions, basePermissions);
     } else if (role.defaultPermissions) {
         return mergePermissions(role.defaultPermissions, basePermissions);
     } else {